The test va_128TBswitch.c expects to be able to pass mmap an address hint
and length that cross the address 1<<47. This is not possible without
5-level page tables, so the test fails.
The test is already only run on 64-bit powerpc and x86 archs, but this
patch adds an additional check that skips the test if PG_TABLE_LEVELS < 5.
There is precedent for checking /proc/config.gz in selftests, e.g. in
selftests/firmware.
Signed-off-by: Adam Sindelar <adam(a)wowsignal.io>
---
tools/testing/selftests/vm/Makefile | 1 +
tools/testing/selftests/vm/run_vmtests.sh | 13 +++++++---
tools/testing/selftests/vm/va_128TBswitch.sh | 26 ++++++++++++++++++++
3 files changed, 36 insertions(+), 4 deletions(-)
create mode 100755 tools/testing/selftests/vm/va_128TBswitch.sh
diff --git a/tools/testing/selftests/vm/Makefile b/tools/testing/selftests/vm/Makefile
index 68cacffc93ec..bc64ca1e0de3 100644
--- a/tools/testing/selftests/vm/Makefile
+++ b/tools/testing/selftests/vm/Makefile
@@ -80,6 +80,7 @@ endif
TEST_PROGS := run_vmtests.sh
TEST_FILES := test_vmalloc.sh
+TEST_FILEs += va_128TBswitch.sh
KSFT_KHDR_INSTALL := 1
include ../lib.mk
diff --git a/tools/testing/selftests/vm/run_vmtests.sh b/tools/testing/selftests/vm/run_vmtests.sh
index e953f3cd9664..10cccbedaaa1 100755
--- a/tools/testing/selftests/vm/run_vmtests.sh
+++ b/tools/testing/selftests/vm/run_vmtests.sh
@@ -290,12 +290,17 @@ fi
echo "-----------------------------"
echo "running virtual address 128TB switch test"
echo "-----------------------------"
-./va_128TBswitch
-if [ $? -ne 0 ]; then
+./va_128TBswitch.sh
+ret_val=$?
+
+if [ $ret_val -eq 0 ]; then
+ echo "[PASS]"
+elif [ $ret_val -eq $ksft_skip ]; then
+ echo "[SKIP]"
+ exitcode=$ksft_skip
+else
echo "[FAIL]"
exitcode=1
-else
- echo "[PASS]"
fi
fi # VADDR64
diff --git a/tools/testing/selftests/vm/va_128TBswitch.sh b/tools/testing/selftests/vm/va_128TBswitch.sh
new file mode 100755
index 000000000000..f7b9db0bfd33
--- /dev/null
+++ b/tools/testing/selftests/vm/va_128TBswitch.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+#
+# Copyright (C) 2022 Adam Sindelar (Meta) <adam(a)wowsignal.io>
+#
+# This is a test for mmap behavior with 5-level paging. This script wraps the
+# real test to check that the kernel is configured to support at least 5
+# pagetable levels.
+
+# 1 means the test failed
+exitcode=1
+
+# Kselftest framework requirement - SKIP code is 4.
+ksft_skip=4
+
+check_test_requirements()
+{
+ pg_table_levels=$(gzip -dcfq /proc/config.gz | grep PGTABLE_LEVELS | cut -d'=' -f 2)
+ if [ $pg_table_levels -lt 5 ]; then
+ echo "$0: PG_TABLE_LEVELS=${pg_table_levels}, must be >= 5 to run this test"
+ exit $ksft_skip
+ fi
+}
+
+check_test_requirements
+./va_128TBswitch
--
2.30.2
This patch series makes two changes to how KUnit test suites are stored
and executed:
- The .kunit_test_suites section is now used for tests in modules (in
lieu of a module_init funciton), as well as for built-in tests. The
module loader will now trigger test execution. This frees up the
module_init function for other uses.
- Instead of storing an array of arrays of suites, have the
kunit_test_suite() and kunit_test_suites() macros append to one global
(or per-module) list of test suites. This removes a needless layer of
indirection.
The upshot of this is that it should now be possible to use the
kunit_test_suite() and kunit_test_suites() macros to register test
suites even from within modules which otherwise had module_init
functions. This was proving to be quite a common issue, resulting in
several modules calling into KUnit's private suite execution functions
to run their tests (often introducing incompatibilities with the KUnit
tooling).
This series also fixes the thunderbolt, nitro_enclaves, and
sdhci-of-aspeed tests to use kunit_test_suite() now that it works.
Huge thanks to Jeremy Kerr, who designed and implemented the module
loader changes, and to Daniel Latypov for pushing the simplification of
the nested arrays in .kunit_test_suites.
I've tested this series both with builtin tests, and with modules on
x86_64, but there's always the possibility that there's something subtle
and nasty on another architecture, so please test!
Cheers,
-- David
Daniel Latypov (1):
kunit: flatten kunit_suite*** to kunit_suite** in .kunit_test_suites
David Gow (3):
thunderbolt: test: Use kunit_test_suite() macro
nitro_enclaves: test: Use kunit_test_suite() macro
mmc: sdhci-of-aspeed: test: Use kunit_test_suite() macro
Jeremy Kerr (1):
kunit: unify module and builtin suite definitions
drivers/mmc/host/Kconfig | 5 +-
drivers/mmc/host/sdhci-of-aspeed-test.c | 8 +-
drivers/mmc/host/sdhci-of-aspeed.c | 27 ----
drivers/thunderbolt/Kconfig | 5 +-
drivers/thunderbolt/domain.c | 3 -
drivers/thunderbolt/tb.h | 8 -
drivers/thunderbolt/test.c | 12 +-
drivers/virt/nitro_enclaves/Kconfig | 5 +-
drivers/virt/nitro_enclaves/ne_misc_dev.c | 27 ----
.../virt/nitro_enclaves/ne_misc_dev_test.c | 5 +-
include/kunit/test.h | 60 ++------
include/linux/module.h | 5 +
kernel/module/main.c | 6 +
lib/kunit/executor.c | 117 ++++-----------
lib/kunit/executor_test.c | 139 +++++-------------
lib/kunit/test.c | 54 ++++++-
16 files changed, 152 insertions(+), 334 deletions(-)
--
2.36.1.476.g0c4daa206d-goog
KUnit unifies the test structure and provides helper tools that simplify
the development of tests. The basic use case allows running tests as regular
processes, which makes it easier to run unit tests on a development machine
and to integrate the tests into a CI system.
That said, the conversion of selftests for DRM to KUnit tests is beneficial
as it unifies the testing API by using the KUnit API.
KUnit is beneficial for developers as it eases the process to run unit tests.
It is possible to run the tests by using the kunit-tool on userspace with the
following command:
./tools/testing/kunit/kunit.py run --kunitconfig=drivers/gpu/drm/tests --arch=x86_64
For CI system, it is possible to execute during the build. But, we also think
about IGT: we are developing a patch to introduce KUnit to IGT.
These patches were developed during a KUnit hackathon [0] last October. Now,
we believe that both the IGT side and the Kernel side are in good shape for
submission.
If you are willing to check the output, here is the Pastebin with the output
and execution times [1].
[0] https://groups.google.com/g/kunit-dev/c/YqFR1q2uZvk/m/IbvItSfHBAAJ
[1] https://pastebin.com/FJjLPKsC
- Arthur Grillo, Isabella Basso, and Maíra Canal
Arthur Grillo (2):
drm: selftest: refactor drm_cmdline_parser
drm: selftest: convert drm_mm selftest to KUnit
Maíra Canal (8):
drm: selftest: convert drm_damage_helper selftest to KUnit
drm: selftest: convert drm_cmdline_parser selftest to KUnit
drm: selftest: convert drm_rect selftest to KUnit
drm: selftest: convert drm_format selftest to KUnit
drm: selftest: convert drm_plane_helper selftest to KUnit
drm: selftest: convert drm_dp_mst_helper selftest to KUnit
drm: selftest: convert drm_framebuffer selftest to KUnit
drm: selftest: convert drm_buddy selftest to KUnit
drivers/gpu/drm/Kconfig | 20 +-
drivers/gpu/drm/Makefile | 2 +-
drivers/gpu/drm/selftests/Makefile | 8 -
.../gpu/drm/selftests/drm_buddy_selftests.h | 15 -
.../gpu/drm/selftests/drm_cmdline_selftests.h | 68 -
drivers/gpu/drm/selftests/drm_mm_selftests.h | 28 -
.../gpu/drm/selftests/drm_modeset_selftests.h | 40 -
drivers/gpu/drm/selftests/drm_selftest.c | 109 --
drivers/gpu/drm/selftests/drm_selftest.h | 41 -
drivers/gpu/drm/selftests/test-drm_buddy.c | 994 --------------
.../drm/selftests/test-drm_cmdline_parser.c | 1141 -----------------
.../drm/selftests/test-drm_damage_helper.c | 667 ----------
drivers/gpu/drm/selftests/test-drm_format.c | 280 ----
.../drm/selftests/test-drm_modeset_common.c | 32 -
.../drm/selftests/test-drm_modeset_common.h | 52 -
drivers/gpu/drm/tests/.kunitconfig | 3 +
drivers/gpu/drm/tests/Kconfig | 130 ++
drivers/gpu/drm/tests/Makefile | 10 +
drivers/gpu/drm/tests/test-drm_buddy.c | 748 +++++++++++
.../gpu/drm/tests/test-drm_cmdline_parser.c | 799 ++++++++++++
.../gpu/drm/tests/test-drm_damage_helper.c | 633 +++++++++
.../test-drm_dp_mst_helper.c | 82 +-
drivers/gpu/drm/tests/test-drm_format.c | 284 ++++
.../test-drm_framebuffer.c | 25 +-
.../drm/{selftests => tests}/test-drm_mm.c | 1135 +++++++---------
.../test-drm_plane_helper.c | 101 +-
.../drm/{selftests => tests}/test-drm_rect.c | 124 +-
27 files changed, 3240 insertions(+), 4331 deletions(-)
delete mode 100644 drivers/gpu/drm/selftests/Makefile
delete mode 100644 drivers/gpu/drm/selftests/drm_buddy_selftests.h
delete mode 100644 drivers/gpu/drm/selftests/drm_cmdline_selftests.h
delete mode 100644 drivers/gpu/drm/selftests/drm_mm_selftests.h
delete mode 100644 drivers/gpu/drm/selftests/drm_modeset_selftests.h
delete mode 100644 drivers/gpu/drm/selftests/drm_selftest.c
delete mode 100644 drivers/gpu/drm/selftests/drm_selftest.h
delete mode 100644 drivers/gpu/drm/selftests/test-drm_buddy.c
delete mode 100644 drivers/gpu/drm/selftests/test-drm_cmdline_parser.c
delete mode 100644 drivers/gpu/drm/selftests/test-drm_damage_helper.c
delete mode 100644 drivers/gpu/drm/selftests/test-drm_format.c
delete mode 100644 drivers/gpu/drm/selftests/test-drm_modeset_common.c
delete mode 100644 drivers/gpu/drm/selftests/test-drm_modeset_common.h
create mode 100644 drivers/gpu/drm/tests/.kunitconfig
create mode 100644 drivers/gpu/drm/tests/Kconfig
create mode 100644 drivers/gpu/drm/tests/Makefile
create mode 100644 drivers/gpu/drm/tests/test-drm_buddy.c
create mode 100644 drivers/gpu/drm/tests/test-drm_cmdline_parser.c
create mode 100644 drivers/gpu/drm/tests/test-drm_damage_helper.c
rename drivers/gpu/drm/{selftests => tests}/test-drm_dp_mst_helper.c (73%)
create mode 100644 drivers/gpu/drm/tests/test-drm_format.c
rename drivers/gpu/drm/{selftests => tests}/test-drm_framebuffer.c (96%)
rename drivers/gpu/drm/{selftests => tests}/test-drm_mm.c (58%)
rename drivers/gpu/drm/{selftests => tests}/test-drm_plane_helper.c (62%)
rename drivers/gpu/drm/{selftests => tests}/test-drm_rect.c (53%)
--
2.36.1
Commit 8ff978b8b222 ("ipv4/raw: support binding to nonlocal addresses")
introduced support for binding to nonlocal addresses, as well as some
basic test coverage for some of the cases.
Commit b4a028c4d031 ("ipv4: ping: fix bind address validity check")
fixes a regression which incorrectly removed some checks for bind
address validation. In addition, it introduces regression tests for
those specific checks. However, those regression tests are defective, in
that they perform the tests using an incorrect combination of bind
flags. As a result, those tests fail when they should succeed.
This commit introduces additional regression tests for nonlocal binding
and fixes the defective regression tests.
PLEASE NOTE THAT THIS PATCH SHOULD NOT BE APPLIED AS-IS. The ICMP
broadcast and multicast regression tests succeed, but they do so while
returning the wrong error status. In particular, it isn't the bind that
fails, but the socket creation. This is /not/ correct, and it must be
investigated to have proper regression testing. Other instances where
this happens are: 1) if the broadcast/multicast addresses are replace
with an allowed (e.g. local) address (bind should work, but socket is
never created in the first place); 2) the commented out tests (nonlocal
bind should work but ditto.) Additionally, please note that when the
test cases are manually (i.e. without the network namespace setup from
fcnal-test.sh) ran, the expected/correct outcome is observed. The reason
I'm submitting this patch for comments, is that I'm failing to
understand where the issue lies. (Disclamer: might be something
stupid/trivial that I'm plainly missing due to tunnel vision.)
Signed-off-by: Riccardo Paolo Bestetti <pbl(a)bestov.io>
---
tools/testing/selftests/net/fcnal-test.sh | 36 +++++++++++++++++------
1 file changed, 27 insertions(+), 9 deletions(-)
diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh
index 75223b63e3c8..778288539879 100755
--- a/tools/testing/selftests/net/fcnal-test.sh
+++ b/tools/testing/selftests/net/fcnal-test.sh
@@ -1800,24 +1800,33 @@ ipv4_addr_bind_novrf()
done
#
- # raw socket with nonlocal bind
+ # tests for nonlocal bind
#
a=${NL_IP}
log_start
- run_cmd nettest -s -R -P icmp -f -l ${a} -I ${NSA_DEV} -b
- log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after device bind"
+ run_cmd nettest -s -R -f -l ${a} -b
+ log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address"
+
+ log_start
+ run_cmd nettest -s -f -l ${a} -b
+ log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address"
+
+ # currently fails with ACCES
+ #log_start
+ #run_cmd nettest -s -D -P icmp -f -l ${a} -b
+ #log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address"
#
# check that ICMP sockets cannot bind to broadcast and multicast addresses
#
a=${BCAST_IP}
log_start
- run_cmd nettest -s -R -P icmp -l ${a} -b
+ run_cmd nettest -s -D -P icmp -l ${a} -b
log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address"
a=${MCAST_IP}
log_start
- run_cmd nettest -s -R -P icmp -f -l ${a} -b
+ run_cmd nettest -s -D -P icmp -l ${a} -b
log_test_addr ${a} $? 1 "ICMP socket bind to multicast address"
#
@@ -1870,24 +1879,33 @@ ipv4_addr_bind_vrf()
log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
#
- # raw socket with nonlocal bind
+ # tests for nonlocal bind
#
a=${NL_IP}
log_start
- run_cmd nettest -s -R -P icmp -f -l ${a} -I ${VRF} -b
+ run_cmd nettest -s -R -f -l ${a} -I ${VRF} -b
log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind"
+ log_start
+ run_cmd nettest -s -f -l ${a} -I ${VRF} -b
+ log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address after VRF bind"
+
+ # currently fails with ACCES
+ #log_start
+ #run_cmd nettest -s -D -P icmp -f -l ${a} -I ${VRF} -b
+ #log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address after VRF bind"
+
#
# check that ICMP sockets cannot bind to broadcast and multicast addresses
#
a=${BCAST_IP}
log_start
- run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b
+ run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address after VRF bind"
a=${MCAST_IP}
log_start
- run_cmd nettest -s -R -P icmp -f -l ${a} -I ${VRF} -b
+ run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
log_test_addr ${a} $? 1 "ICMP socket bind to multicast address after VRF bind"
#
--
2.36.1
A couple of test updates are included:
* With this option [1,2], the kernel's altstack check becomes stringent.
The x86 sigaltstack test is ignorant about this. Adjust the test now.
This check was established [3] to ensure every AMX task's altstack is
sufficient (regardless of that option) [4].
* The AMX test wrongly fails on non-AMX machines. Fix the code to skip the
test instead.
The series is available in this repository:
git://github.com/intel/amx-linux.git selftest
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arc…
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Doc…
[3] 3aac3ebea08f ("x86/signal: Implement sigaltstack size validation")
[4] 4b7ca609a33d ("x86/signal: Use fpu::__state_user_size for sigalt stack validation")
Chang S. Bae (2):
selftests/x86/signal: Adjust the test to the kernel's altstack check
selftests/x86/amx: Fix the test to avoid failure when AMX is
unavailable
tools/testing/selftests/x86/amx.c | 42 +++++++++++++++++------
tools/testing/selftests/x86/sigaltstack.c | 12 ++++++-
2 files changed, 42 insertions(+), 12 deletions(-)
base-commit: f443e374ae131c168a065ea1748feac6b2e76613
--
2.17.1
Hi there,
The first patch moves the current livepatch tests to selftests, allowing it
be better suited to contain more complex tests, like using userspace C code
to use the livepatched kernel code. As a bonus it allows to use
"gen_tar" to export the livepatch selftests, rebuild the modules by
running make in selftests/livepatch directory and simplifies the process
of creating and debugging new selftests.
It keeps the ability to execute the tests by running the shell scripts,
like "test-livepatch.sh", but beware that the kernel modules
might not be up-to-date.
The second patch includes a new test to exercise the functionality to livepatch
a heavy hammered function. The test uses getpid in this case.
I tested the changes by running the tests within the kernel source tree and running
from the gen_tar extracted directory.
Marcos Paulo de Souza (2):
livepatch: Move tests from lib/livepatch to selftests/livepatch
selftests: livepatch: Test livepatching a heavily called syscall
arch/s390/configs/debug_defconfig | 1 -
arch/s390/configs/defconfig | 1 -
lib/Kconfig.debug | 22 -------
lib/Makefile | 2 -
lib/livepatch/Makefile | 14 -----
tools/testing/selftests/livepatch/Makefile | 35 ++++++++++-
tools/testing/selftests/livepatch/README | 5 +-
tools/testing/selftests/livepatch/config | 1 -
.../testing/selftests/livepatch/functions.sh | 34 ++++-------
.../selftests/livepatch/test-callbacks.sh | 50 ++++++++--------
.../selftests/livepatch/test-ftrace.sh | 6 +-
.../selftests/livepatch/test-livepatch.sh | 10 ++--
.../selftests/livepatch/test-shadow-vars.sh | 2 +-
.../testing/selftests/livepatch/test-state.sh | 18 +++---
.../selftests/livepatch/test-syscall.sh | 46 ++++++++++++++
.../test_binaries/test_klp-call_getpid.c | 48 +++++++++++++++
.../selftests/livepatch/test_modules/Makefile | 25 ++++++++
.../test_modules}/test_klp_atomic_replace.c | 0
.../test_modules}/test_klp_callbacks_busy.c | 0
.../test_modules}/test_klp_callbacks_demo.c | 0
.../test_modules}/test_klp_callbacks_demo2.c | 0
.../test_modules}/test_klp_callbacks_mod.c | 0
.../test_modules}/test_klp_livepatch.c | 0
.../test_modules}/test_klp_shadow_vars.c | 0
.../livepatch/test_modules}/test_klp_state.c | 0
.../livepatch/test_modules}/test_klp_state2.c | 0
.../livepatch/test_modules}/test_klp_state3.c | 0
.../livepatch/test_modules/test_klp_syscall.c | 60 +++++++++++++++++++
28 files changed, 269 insertions(+), 111 deletions(-)
delete mode 100644 lib/livepatch/Makefile
create mode 100755 tools/testing/selftests/livepatch/test-syscall.sh
create mode 100644 tools/testing/selftests/livepatch/test_binaries/test_klp-call_getpid.c
create mode 100644 tools/testing/selftests/livepatch/test_modules/Makefile
rename {lib/livepatch => tools/testing/selftests/livepatch/test_modules}/test_klp_atomic_replace.c (100%)
rename {lib/livepatch => tools/testing/selftests/livepatch/test_modules}/test_klp_callbacks_busy.c (100%)
rename {lib/livepatch => tools/testing/selftests/livepatch/test_modules}/test_klp_callbacks_demo.c (100%)
rename {lib/livepatch => tools/testing/selftests/livepatch/test_modules}/test_klp_callbacks_demo2.c (100%)
rename {lib/livepatch => tools/testing/selftests/livepatch/test_modules}/test_klp_callbacks_mod.c (100%)
rename {lib/livepatch => tools/testing/selftests/livepatch/test_modules}/test_klp_livepatch.c (100%)
rename {lib/livepatch => tools/testing/selftests/livepatch/test_modules}/test_klp_shadow_vars.c (100%)
rename {lib/livepatch => tools/testing/selftests/livepatch/test_modules}/test_klp_state.c (100%)
rename {lib/livepatch => tools/testing/selftests/livepatch/test_modules}/test_klp_state2.c (100%)
rename {lib/livepatch => tools/testing/selftests/livepatch/test_modules}/test_klp_state3.c (100%)
create mode 100644 tools/testing/selftests/livepatch/test_modules/test_klp_syscall.c
--
2.35.3
Resending with a fix of mktemp argument in verify_sig_setup.sh
One of the desirable features in security is the ability to restrict import
of data to a given system based on data authenticity. If data import can be
restricted, it would be possible to enforce a system-wide policy based on
the signing keys the system owner trusts.
This feature is widely used in the kernel. For example, if the restriction
is enabled, kernel modules can be plugged in only if they are signed with a
key whose public part is in the primary or secondary keyring.
For eBPF, it can be useful as well. For example, it might be useful to
authenticate data an eBPF program makes security decisions on.
After a discussion in the eBPF mailing list, it was decided that the stated
goal should be accomplished by introducing a new helper:
bpf_verify_pkcs7_signature(), dedicated to verify PKCS#7 signatures. More
helpers will be introduced later, as necessary.
The job of bpf_verify_pkcs7_signature() is simply to call the corresponding
signature verification function verify_pkcs7_signature(). Data and
signature can be provided to the new helper with two dynamic pointers, to
reduce the number of parameters. The keyring containing the signature
verification key can be obtained with a new helper
called bpf_request_key_by_id().
For now, keyrings can be obtained with an identifier defined in
verification.h (except for the special value ULONG_MAX, used for testing).
In the future, keyring can be searched also by their description. This
functionality has not been included here in this patch set, as would
require additional care for decrementing the reference count of the
keyring. It could be added later.
While bpf_request_key_by_id() can be called from any program,
bpf_verify_pkcs7_signature(), instead, must be called by a sleepable
program, as it is doing crypto operations. For the latter, for example,
lsm.s/bpf is suitable, fexit/array_map_update_elem is not.
The added test, which invokes both helpers, checks the ability of an eBPF
program to verify module-style appended signatures, as produced by the
kernel tool sign-file, currently used to sign kernel modules.
The patch set is organized as follows.
Patch 1 exports bpf_dynptr_get_size(), to obtain the real size of data
carried by a dynamic pointer. Patch 2 introduces the
bpf_request_key_by_id() helper. Patch 3 introduces the
bpf_verify_pkcs7_signature() helper. Finally, patch 4 adds a test for both
helpers.
Changelog
v3:
- Rename bpf_verify_signature() back to bpf_verify_pkcs7_signature() to
avoid managing different parameters for each signature verification
function in one helper (suggested by Daniel)
- Use dynamic pointers and export bpf_dynptr_get_size() (suggested by
Alexei)
- Introduce bpf_request_key_by_id() to give more flexibility to the caller
of bpf_verify_pkcs7_signature() to retrieve the appropriate keyring
(suggested by Alexei)
- Fix test by reordering the gcc command line, always compile sign-file
- Improve helper support check mechanism in the test
v2:
- Rename bpf_verify_pkcs7_signature() to a more generic
bpf_verify_signature() and pass the signature type (suggested by KP)
- Move the helper and prototype declaration under #ifdef so that user
space can probe for support for the helper (suggested by Daniel)
- Describe better the keyring types (suggested by Daniel)
- Include linux/bpf.h instead of vmlinux.h to avoid implicit or
redeclaration
- Make the test selfcontained (suggested by Alexei)
v1:
- Don't define new map flag but introduce simple wrapper of
verify_pkcs7_signature() (suggested by Alexei and KP)
Roberto Sassu (4):
bpf: Export bpf_dynptr_get_size()
bpf: Add bpf_request_key_by_id() helper
bpf: Add bpf_verify_pkcs7_signature() helper
selftests/bpf: Add test for bpf_verify_pkcs7_signature() helper
include/linux/bpf.h | 1 +
include/uapi/linux/bpf.h | 25 ++
kernel/bpf/bpf_lsm.c | 60 +++++
kernel/bpf/helpers.c | 2 +-
scripts/bpf_doc.py | 2 +
tools/include/uapi/linux/bpf.h | 25 ++
tools/testing/selftests/bpf/Makefile | 14 +-
tools/testing/selftests/bpf/config | 2 +
.../bpf/prog_tests/verify_pkcs7_sig.c | 217 ++++++++++++++++++
.../bpf/progs/test_verify_pkcs7_sig.c | 168 ++++++++++++++
.../testing/selftests/bpf/verify_sig_setup.sh | 100 ++++++++
11 files changed, 612 insertions(+), 4 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
create mode 100755 tools/testing/selftests/bpf/verify_sig_setup.sh
--
2.25.1
--
Hello,
My name is Steve Dibenedetto.I apologize to have contacted you this way
without a direct relationship. There is an opportunity to collaborate
with me in the sourcing of some materials needed by our company for
production of the different medicines we are researching.
I'm aware that this might be totally outside your professional
specialization, but it will be a great source for generating extra
revenue. I discovered a manufacturer who can supply us at a lower rate
than our company's previous purchases.
I will give you more specific details when/if I receive feedback from
you showing interest.
Warm Regards
Steve Dibenedetto
Production & Control Manager,
Green Field Laboratories
Gothic House, Barker Gate,
Nottingham, NG1 1JU,
United Kingdom.
The selftests, when built with newer versions of clang, is found
to have over optimized guests' ucall() function, and eliminating
the stores for uc.cmd (perhaps due to no immediate readers). This
resulted in the userspace side always reading a value of '0', and
causing multiple test failures.
As a result, prevent the compiler from optimizing the stores in
ucall() with WRITE_ONCE().
Suggested-by: Ricardo Koller <ricarkol(a)google.com>
Suggested-by: Reiji Watanabe <reijiw(a)google.com>
Signed-off-by: Raghavendra Rao Ananta <rananta(a)google.com>
---
tools/testing/selftests/kvm/lib/aarch64/ucall.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/kvm/lib/aarch64/ucall.c b/tools/testing/selftests/kvm/lib/aarch64/ucall.c
index e0b0164e9af8..be1d9728c4ce 100644
--- a/tools/testing/selftests/kvm/lib/aarch64/ucall.c
+++ b/tools/testing/selftests/kvm/lib/aarch64/ucall.c
@@ -73,20 +73,19 @@ void ucall_uninit(struct kvm_vm *vm)
void ucall(uint64_t cmd, int nargs, ...)
{
- struct ucall uc = {
- .cmd = cmd,
- };
+ struct ucall uc = {};
va_list va;
int i;
+ WRITE_ONCE(uc.cmd, cmd);
nargs = nargs <= UCALL_MAX_ARGS ? nargs : UCALL_MAX_ARGS;
va_start(va, nargs);
for (i = 0; i < nargs; ++i)
- uc.args[i] = va_arg(va, uint64_t);
+ WRITE_ONCE(uc.args[i], va_arg(va, uint64_t));
va_end(va);
- *ucall_exit_mmio_addr = (vm_vaddr_t)&uc;
+ WRITE_ONCE(*ucall_exit_mmio_addr, (vm_vaddr_t)&uc);
}
uint64_t get_ucall(struct kvm_vm *vm, uint32_t vcpu_id, struct ucall *uc)
--
2.36.1.476.g0c4daa206d-goog
The XSAVE feature set supports the saving and restoring of xstate components.
XSAVE feature has been used for process context switching. XSAVE components
include x87 state for FP execution environment, SSE state, AVX state and so on.
In order to ensure that XSAVE works correctly, add XSAVE most basic test for
XSAVE architecture functionality.
This patch tests "FP, SSE(XMM), AVX2(YMM), AVX512_OPMASK/AVX512_ZMM_Hi256/
AVX512_Hi16_ZMM and PKRU parts" xstates with following cases:
1. The contents of these xstates in the process should not change after the
signal handling.
2. The contents of these xstates in the child process should be the same as
the contents of the xstate in the parent process after the fork syscall.
3. The contents of xstates in the parent process should not change after
the context switch.
Because xstate like XMM will not be preserved across function calls, fork() and
raise() are implemented and inlined.
To prevent GCC from generating any FP/SSE(XMM)/AVX/PKRU code, add
"-mno-sse -mno-mmx -mno-sse2 -mno-avx -mno-pku" compiler arguments. stdlib.h
can not be used because of the "-mno-sse" option.
Thanks Dave, Hansen for the above suggestion!
Thanks Chen Yu; Shuah Khan; Chatre Reinette and Tony Luck's comments!
Thanks to Bae, Chang Seok for a bunch of comments!
========
- Change from v8 to v9
- Use function pointers to make it more structured. (Hansen, Dave)
- Improve the function name: xstate_tested -> xstate_in_test. (Chang S. Bae)
- Break this test up into two pieces: keep the xstate key test steps with
"-mno-sse" and no stdlib.h, keep others in xstate.c file. (Hansen, Dave)
- Use kselftest infrastructure for xstate.c file. (Hansen, Dave)
- Use instruction back to populate fp xstate buffer. (Hansen, Dave)
- Will skip the test if cpu could not support xsave. (Chang S. Bae)
- Use __cpuid_count() helper in kselftest.h. (Reinette, Chatre)
- Change from v7 to v8
Many thanks to Bae, Chang Seok for a bunch of comments as follow:
- Use the filling buffer way to prepare the xstate buffer, and use xrstor
instruction way to load the tested xstates.
- Remove useless dump_buffer, compare_buffer functions.
- Improve the struct of xstate_info.
- Added AVX512_ZMM_Hi256 and AVX512_Hi16_ZMM components in xstate test.
- Remove redundant xstate_info.xstate_mask, xstate_flag[], and
xfeature_test_mask, use xstate_info.mask instead.
- Check if xfeature is supported outside of fill_xstate_buf() , this change
is easier to read and understand.
- Remove useless wrpkru, only use filling all tested xstate buffer in
fill_xstates_buf().
- Improve a bunch of function names and variable names.
- Improve test steps flow for readability.
- Change from v6 to v7:
- Added the error number and error description of the reason for the
failure, thanks Shuah Khan's suggestion.
- Added a description of what these tests are doing in the head comments.
- Added changes update in the head comments.
- Added description of the purpose of the function. thanks Shuah Khan.
- Change from v5 to v6:
- In order to prevent GCC from generating any FP code by mistake,
"-mno-sse -mno-mmx -mno-sse2 -mno-avx -mno-pku" compiler parameter was
added, it's referred to the parameters for compiling the x86 kernel. Thanks
Dave Hansen's suggestion.
- Removed the use of "kselftest.h", because kselftest.h included <stdlib.h>,
and "stdlib.h" would use sse instructions in it's libc, and this *XSAVE*
test needed to be compiled without libc sse instructions(-mno-sse).
- Improved the description in commit header, thanks Chen Yu's suggestion.
- Becasue test code could not use buildin xsave64 in libc without sse, added
xsave function by instruction way.
- Every key test action would not use libc(like printf) except syscall until
it's failed or done. If it's failed, then it would print the failed reason.
- Used __cpuid_count() instead of native_cpuid(), becasue __cpuid_count()
was a macro definition function with one instruction in libc and did not
change xstate. Thanks Chatre Reinette, Shuah Khan.
https://lore.kernel.org/linux-sgx/8b7c98f4-f050-bc1c-5699-fa598ecc66a2@linu…
- Change from v4 to v5:
- Moved code files into tools/testing/selftests/x86.
- Delete xsave instruction test, becaue it's not related to kernel.
- Improved case description.
- Added AVX512 opmask change and related XSAVE content verification.
- Added PKRU part xstate test into instruction and signal handling test.
- Added XSAVE process swich test for FPU, AVX2, AVX512 opmask and PKRU part.
- Change from v3 to v4:
- Improve the comment in patch 1.
- Change from v2 to v3:
- Improve the description of patch 2 git log.
- Change from v1 to v2:
- Improve the cover-letter. Thanks Dave Hansen's suggestion.
Pengfei Xu (2):
selftests/x86/xstate: Add xstate signal handling test for XSAVE
feature
selftests/x86/xstate: Add xstate fork test for XSAVE feature
tools/testing/selftests/x86/.gitignore | 1 +
tools/testing/selftests/x86/Makefile | 11 +-
tools/testing/selftests/x86/xstate.c | 235 ++++++++++++++++
tools/testing/selftests/x86/xstate.h | 267 +++++++++++++++++++
tools/testing/selftests/x86/xstate_helpers.c | 211 +++++++++++++++
tools/testing/selftests/x86/xstate_helpers.h | 10 +
6 files changed, 733 insertions(+), 2 deletions(-)
create mode 100644 tools/testing/selftests/x86/xstate.c
create mode 100644 tools/testing/selftests/x86/xstate.h
create mode 100644 tools/testing/selftests/x86/xstate_helpers.c
create mode 100644 tools/testing/selftests/x86/xstate_helpers.h
--
2.31.1
Commit 17de1e559cf1 ("selftests: clarify common error when running
gup_test") had most of its hunks dropped due to a conflict with another
patch accepted into Linux around the same time that implemented the same
behavior as a subset of other changes.
However, the remaining hunk defines the GUP_TEST_FILE macro without
making use of it. This patch makes use of the macro in the two relevant
places.
Furthermore, the above mentioned commit's log message erroneously describes
the changes that were dropped from the patch.
This patch corrects the record.
Fixes: 17de1e559cf1 ("selftests: clarify common error when running gup_test")
Signed-off-by: Joel Savitz <jsavitz(a)redhat.com>
---
tools/testing/selftests/vm/gup_test.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/vm/gup_test.c b/tools/testing/selftests/vm/gup_test.c
index 6bb36ca71cb5..a309876d832f 100644
--- a/tools/testing/selftests/vm/gup_test.c
+++ b/tools/testing/selftests/vm/gup_test.c
@@ -209,7 +209,7 @@ int main(int argc, char **argv)
if (write)
gup.gup_flags |= FOLL_WRITE;
- gup_fd = open("/sys/kernel/debug/gup_test", O_RDWR);
+ gup_fd = open(GUP_TEST_FILE, O_RDWR);
if (gup_fd == -1) {
switch (errno) {
case EACCES:
@@ -224,7 +224,7 @@ int main(int argc, char **argv)
printf("check if CONFIG_GUP_TEST is enabled in kernel config\n");
break;
default:
- perror("failed to open /sys/kernel/debug/gup_test");
+ perror("failed to open " GUP_TEST_FILE);
break;
}
exit(KSFT_SKIP);
--
2.31.1
From: Ira Weiny <ira.weiny(a)intel.com>
While evaluating the possibility of defining a new type for pkeys within the
kernel I found a couple of minor bugs.
Because these patches clean up the return codes from system calls I'm sending
this out RFC hoping that users will speak up if anything breaks.
I'm not too concerned about pkey_free() because it is unlikely that anyone is
checking the return code. Interestingly enough, glibc recommends not calling
pkey_free() because it does not change the access rights to the key and may be
subsequently allocated again.[1][2]
The pkey_alloc() is more concerning. However, I checked the Chrome source and
it does not differentiate among the return codes and maps all errors into
kNoMemoryProtectionKey.
glibc says it returns ENOSYS if the system does not support pkeys but I don't
see where ENOSYS is returned? AFAICS it just returns what the kernel returns.
So it is probably up to user of glibc.
In addition I've enhanced the pkey tests to verify and test the changes.
Thanks to Rick Edgecombe and Sohil Mehta for internal review.
[1] Quote from manual/memory.texi:
Calling this function does not change the access rights of the freed
protection key. The calling thread and other threads may retain access
to it, even if it is subsequently allocated again. For this reason, it
is not recommended to call the @code{pkey_free} function.
[2] PKS had a similar issue and went to statically allocated keys instead.
Ira Weiny (6):
testing/pkeys: Add command line options
testing/pkeys: Don't use uninitialized variable
testing/pkeys: Add additional test for pkey_alloc()
pkeys: Lift pkey hardware check for pkey_alloc()
pkeys: Up level pkey_free() checks
pkeys: Change mm_pkey_free() to void
arch/powerpc/include/asm/pkeys.h | 18 ++---
arch/x86/include/asm/pkeys.h | 7 +-
include/linux/pkeys.h | 5 +-
mm/mprotect.c | 13 +++-
tools/testing/selftests/vm/pkey-helpers.h | 7 +-
tools/testing/selftests/vm/protection_keys.c | 75 +++++++++++++++++---
6 files changed, 86 insertions(+), 39 deletions(-)
base-commit: 874c8ca1e60b2c564a48f7e7acc40d328d5c8733
--
2.35.1
Before change:
make -C netfilter
TEST: performance
net,port [SKIP]
perf not supported
port,net [SKIP]
perf not supported
net6,port [SKIP]
perf not supported
port,proto [SKIP]
perf not supported
net6,port,mac [SKIP]
perf not supported
net6,port,mac,proto [SKIP]
perf not supported
net,mac [SKIP]
perf not supported
After change:
net,mac [ OK ]
baseline (drop from netdev hook): 2061098pps
baseline hash (non-ranged entries): 1606741pps
baseline rbtree (match on first field only): 1191607pps
set with 1000 full, ranged entries: 1639119pps
ok 8 selftests: netfilter: nft_concat_range.sh
Fixes: 611973c1e06f ("selftests: netfilter: Introduce tests for sets with range concatenation")
Reported-by: kernel test robot <lkp(a)intel.com>
Signed-off-by: Jie2x Zhou <jie2x.zhou(a)intel.com>
---
tools/testing/selftests/netfilter/nft_concat_range.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/netfilter/nft_concat_range.sh b/tools/testing/selftests/netfilter/nft_concat_range.sh
index b35010cc7f6a..a6991877e50c 100755
--- a/tools/testing/selftests/netfilter/nft_concat_range.sh
+++ b/tools/testing/selftests/netfilter/nft_concat_range.sh
@@ -31,7 +31,7 @@ BUGS="flush_remove_add reload"
# List of possible paths to pktgen script from kernel tree for performance tests
PKTGEN_SCRIPT_PATHS="
- ../../../samples/pktgen/pktgen_bench_xmit_mode_netif_receive.sh
+ ../../../../samples/pktgen/pktgen_bench_xmit_mode_netif_receive.sh
pktgen/pktgen_bench_xmit_mode_netif_receive.sh"
# Definition of set types:
--
2.34.1
This series is based on linux-next/akpm-base.
The series is split up like so:
- Patch 1 is a simple fixup which we should take in any case (even by itself).
- Patches 2-4 add the feature, basic support for it to the selftest, and docs.
- Patches 5-6 make the selftest configurable, so you can test one or the other
instead of always both. If we decide this is overcomplicated, we could just
drop these two patches and take the rest of the series.
Changelog:
v2->v3:
- Rebased onto linux-next/akpm-base, in order to be based on top of the
run_vmtests.sh refactor which was merged previously.
- Picked up some Reviewed-by's.
- Fixed ioctl definition (_IO instead of _IOWR), and stopped using
compat_ptr_ioctl since it is unneeded for ioctls which don't take a pointer.
- Removed the "handle_kernel_faults" bool, simplifying the code. The result is
logically equivalent, but simpler.
- Fixed userfaultfd selftest so it returns KSFT_SKIP appropriately.
- Reworded documentation per Shuah's feedback on v2.
- Improved example usage for userfaultfd selftest.
v1->v2:
- Add documentation update.
- Test *both* userfaultfd(2) and /dev/userfaultfd via the selftest.
Axel Rasmussen (6):
selftests: vm: add hugetlb_shared userfaultfd test to run_vmtests.sh
userfaultfd: add /dev/userfaultfd for fine grained access control
userfaultfd: selftests: modify selftest to use /dev/userfaultfd
userfaultfd: update documentation to describe /dev/userfaultfd
userfaultfd: selftests: make /dev/userfaultfd testing configurable
selftests: vm: add /dev/userfaultfd test cases to run_vmtests.sh
Documentation/admin-guide/mm/userfaultfd.rst | 40 ++++++++++-
Documentation/admin-guide/sysctl/vm.rst | 3 +
fs/userfaultfd.c | 76 ++++++++++++++++----
include/uapi/linux/userfaultfd.h | 4 ++
tools/testing/selftests/vm/run_vmtests.sh | 11 ++-
tools/testing/selftests/vm/userfaultfd.c | 66 ++++++++++++++---
6 files changed, 172 insertions(+), 28 deletions(-)
--
2.36.1.255.ge46751e96f-goog
--
Hello,
My name is Steve Dibenedetto.I apologize to have contacted you this way
without a direct relationship. There is an opportunity to collaborate
with me in the sourcing of some materials needed by our company for
production of the different medicines we are researching.
I'm aware that this might be totally outside your professional
specialization, but it will be a great source for generating extra
revenue. I discovered a manufacturer who can supply us at a lower rate
than our company's previous purchases.
I will give you more specific details when/if I receive feedback from
you showing interest.
Warm Regards
Steve Dibenedetto
Production & Control Manager,
Green Field Laboratories
Gothic House, Barker Gate,
Nottingham, NG1 1JU,
United Kingdom.
On Android this test is getting stuck in an infinite loop due to
indeterminate behavior:
The local variables steps and signalled were being reset to 1 and 0
respectively after every jump back to sigsetjmp by siglongjmp in the
signal handler. The test was incrementing them and expecting them to
retain their incremented values. The documentation for siglongjmp says:
All accessible objects have values as of the time sigsetjmp() was
called, except that the values of objects of automatic storage duration
which are local to the function containing the invocation of the
corresponding sigsetjmp() which do not have volatile-qualified type and
which are changed between the sigsetjmp() invocation and siglongjmp()
call are indeterminate.
Tagging steps and signalled with volatile enabled the test to pass.
Signed-off-by: Edward Liaw <edliaw(a)google.com>
---
tools/testing/selftests/vm/userfaultfd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/vm/userfaultfd.c b/tools/testing/selftests/vm/userfaultfd.c
index 0bdfc1955229..2b2a68722ae1 100644
--- a/tools/testing/selftests/vm/userfaultfd.c
+++ b/tools/testing/selftests/vm/userfaultfd.c
@@ -931,7 +931,7 @@ static int faulting_process(int signal_test)
unsigned long split_nr_pages;
unsigned long lastnr;
struct sigaction act;
- unsigned long signalled = 0;
+ volatile unsigned long signalled = 0;
split_nr_pages = (nr_pages + 1) / 2;
@@ -946,7 +946,7 @@ static int faulting_process(int signal_test)
}
for (nr = 0; nr < split_nr_pages; nr++) {
- int steps = 1;
+ volatile int steps = 1;
unsigned long offset = nr * page_size;
if (signal_test) {
--
2.36.1.476.g0c4daa206d-goog
One of the desirable features in security is the ability to restrict import
of data to a given system based on data authenticity. If data import can be
restricted, it would be possible to enforce a system-wide policy based on
the signing keys the system owner trusts.
This feature is widely used in the kernel. For example, if the restriction
is enabled, kernel modules can be plugged in only if they are signed with a
key whose public part is in the primary or secondary keyring.
For eBPF, it can be useful as well. For example, it might be useful to
authenticate data an eBPF program makes security decisions on.
After a discussion in the eBPF mailing list, it was decided that the stated
goal should be accomplished by introducing a new helper:
bpf_verify_pkcs7_signature(), dedicated to verify PKCS#7 signatures. More
helpers will be introduced later, as necessary.
The job of bpf_verify_pkcs7_signature() is simply to call the corresponding
signature verification function verify_pkcs7_signature(). Data and
signature can be provided to the new helper with two dynamic pointers, to
reduce the number of parameters. The keyring containing the signature
verification key can be obtained with a new helper
called bpf_request_key_by_id().
For now, keyrings can be obtained with an identifier defined in
verification.h (except for the special value ULONG_MAX, used for testing).
In the future, keyring can be searched also by their description. This
functionality has not been included here in this patch set, as would
require additional care for decrementing the reference count of the
keyring. It could be added later.
While bpf_request_key_by_id() can be called from any program,
bpf_verify_pkcs7_signature(), instead, must be called by a sleepable
program, as it is doing crypto operations. For the latter, for example,
lsm.s/bpf is suitable, fexit/array_map_update_elem is not.
The added test, which invokes both helpers, checks the ability of an eBPF
program to verify module-style appended signatures, as produced by the
kernel tool sign-file, currently used to sign kernel modules.
The patch set is organized as follows.
Patch 1 exports bpf_dynptr_get_size(), to obtain the real size of data
carried by a dynamic pointer. Patch 2 introduces the
bpf_request_key_by_id() helper. Patch 3 introduces the
bpf_verify_pkcs7_signature() helper. Finally, patch 4 adds a test for both
helpers.
Changelog
v3:
- Rename bpf_verify_signature() back to bpf_verify_pkcs7_signature() to
avoid managing different parameters for each signature verification
function in one helper (suggested by Daniel)
- Use dynamic pointers and export bpf_dynptr_get_size() (suggested by
Alexei)
- Introduce bpf_request_key_by_id() to give more flexibility to the caller
of bpf_verify_pkcs7_signature() to retrieve the appropriate keyring
(suggested by Alexei)
- Fix test by reordering the gcc command line, always compile sign-file
- Improve helper support check mechanism in the test
v2:
- Rename bpf_verify_pkcs7_signature() to a more generic
bpf_verify_signature() and pass the signature type (suggested by KP)
- Move the helper and prototype declaration under #ifdef so that user
space can probe for support for the helper (suggested by Daniel)
- Describe better the keyring types (suggested by Daniel)
- Include linux/bpf.h instead of vmlinux.h to avoid implicit or
redeclaration
- Make the test selfcontained (suggested by Alexei)
v1:
- Don't define new map flag but introduce simple wrapper of
verify_pkcs7_signature() (suggested by Alexei and KP)
Roberto Sassu (4):
bpf: Export bpf_dynptr_get_size()
bpf: Add bpf_request_key_by_id() helper
bpf: Add bpf_verify_pkcs7_signature() helper
selftests/bpf: Add test for bpf_verify_pkcs7_signature() helper
include/linux/bpf.h | 1 +
include/uapi/linux/bpf.h | 25 ++
kernel/bpf/bpf_lsm.c | 60 +++++
kernel/bpf/helpers.c | 2 +-
scripts/bpf_doc.py | 2 +
tools/include/uapi/linux/bpf.h | 25 ++
tools/testing/selftests/bpf/Makefile | 14 +-
tools/testing/selftests/bpf/config | 2 +
.../bpf/prog_tests/verify_pkcs7_sig.c | 217 ++++++++++++++++++
.../bpf/progs/test_verify_pkcs7_sig.c | 168 ++++++++++++++
.../testing/selftests/bpf/verify_sig_setup.sh | 100 ++++++++
11 files changed, 612 insertions(+), 4 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
create mode 100755 tools/testing/selftests/bpf/verify_sig_setup.sh
--
2.25.1
Delete the redundant word 'in'.
Signed-off-by: Xiang wangx <wangxiang(a)cdjrlc.com>
---
tools/testing/selftests/vm/userfaultfd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/vm/userfaultfd.c b/tools/testing/selftests/vm/userfaultfd.c
index 0bdfc1955229..4bc24581760d 100644
--- a/tools/testing/selftests/vm/userfaultfd.c
+++ b/tools/testing/selftests/vm/userfaultfd.c
@@ -860,7 +860,7 @@ static int stress(struct uffd_stats *uffd_stats)
/*
* Be strict and immediately zap area_src, the whole area has
* been transferred already by the background treads. The
- * area_src could then be faulted in in a racy way by still
+ * area_src could then be faulted in a racy way by still
* running uffdio_threads reading zeropages after we zapped
* area_src (but they're guaranteed to get -EEXIST from
* UFFDIO_COPY without writing zero pages into area_dst
--
2.36.1
Unlike GCC clang uses a single compiler image to support multiple target
architectures meaning that we can't simply rely on CROSS_COMPILE to select
the output architecture. Instead we must pass --target to the compiler to
tell it what to output, kselftest was not doing this so cross compilation
of kselftest using clang resulted in kselftest being built for the host
architecture.
More work is required to fix tests using custom rules but this gets the
bulk of things building.
Signed-off-by: Mark Brown <broonie(a)kernel.org>
---
tools/testing/selftests/lib.mk | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/lib.mk b/tools/testing/selftests/lib.mk
index 2a2d240cdc1b..1a5cc3cd97ec 100644
--- a/tools/testing/selftests/lib.mk
+++ b/tools/testing/selftests/lib.mk
@@ -7,10 +7,31 @@ else ifneq ($(filter -%,$(LLVM)),)
LLVM_SUFFIX := $(LLVM)
endif
-CC := $(LLVM_PREFIX)clang$(LLVM_SUFFIX)
+CLANG_TARGET_FLAGS_arm := arm-linux-gnueabi
+CLANG_TARGET_FLAGS_arm64 := aarch64-linux-gnu
+CLANG_TARGET_FLAGS_hexagon := hexagon-linux-musl
+CLANG_TARGET_FLAGS_m68k := m68k-linux-gnu
+CLANG_TARGET_FLAGS_mips := mipsel-linux-gnu
+CLANG_TARGET_FLAGS_powerpc := powerpc64le-linux-gnu
+CLANG_TARGET_FLAGS_riscv := riscv64-linux-gnu
+CLANG_TARGET_FLAGS_s390 := s390x-linux-gnu
+CLANG_TARGET_FLAGS_x86 := x86_64-linux-gnu
+CLANG_TARGET_FLAGS := $(CLANG_TARGET_FLAGS_$(ARCH))
+
+ifeq ($(CROSS_COMPILE),)
+ifeq ($(CLANG_TARGET_FLAGS),)
+$(error Specify CROSS_COMPILE or add '--target=' option to lib.mk
+else
+CLANG_FLAGS += --target=$(CLANG_TARGET_FLAGS)
+endif # CLANG_TARGET_FLAGS
+else
+CLANG_FLAGS += --target=$(notdir $(CROSS_COMPILE:%-=%))
+endif # CROSS_COMPILE
+
+CC := $(LLVM_PREFIX)clang$(LLVM_SUFFIX) $(CLANG_FLAGS) -fintegrated-as
else
CC := $(CROSS_COMPILE)gcc
-endif
+endif # LLVM
ifeq (0,$(MAKELEVEL))
ifeq ($(OUTPUT),)
--
2.30.2
This patch series is motivated by Shuah's suggestion here:
https://lore.kernel.org/kvm/d576d8f7-980f-3bc6-87ad-5a6ae45609b8@linuxfound…
Many s390x KVM selftests do not output any information about which
tests have been run, so it's hard to say whether a test binary
contains a certain sub-test or not. To improve this situation let's
add some TAP output via the kselftest.h interface to these tests,
so that it easier to understand what has been executed or not.
v4:
- Rebased to include test_termination() now in the memop test
- Reworked the extension capability check in the memop test
v3:
- Added comments / fixed cosmetics according to Janosch's and
Janis' reviews of the v2 series
- Added Reviewed-by tags from the v2 series
v2:
- Reworked the extension checking in the first patch
- Make sure to always print the TAP 13 header in the second patch
- Reworked the SKIP printing in the third patch
Thomas Huth (4):
KVM: s390: selftests: Use TAP interface in the memop test
KVM: s390: selftests: Use TAP interface in the sync_regs test
KVM: s390: selftests: Use TAP interface in the tprot test
KVM: s390: selftests: Use TAP interface in the reset test
tools/testing/selftests/kvm/s390x/memop.c | 95 +++++++++++++++----
tools/testing/selftests/kvm/s390x/resets.c | 38 ++++++--
.../selftests/kvm/s390x/sync_regs_test.c | 87 +++++++++++++----
tools/testing/selftests/kvm/s390x/tprot.c | 29 +++++-
4 files changed, 197 insertions(+), 52 deletions(-)
--
2.31.1
This series implements selftests targeting the feature floated by Chao
via:
https://lore.kernel.org/linux-mm/20220519153713.819591-1-chao.p.peng@linux.…
Below changes aim to test the fd based approach for guest private memory
in context of SEV/SEV-ES VMs executing on AMD SEV/SEV-ES compatible
platforms.
This series has dependency on following patch series:
1) V6 series patches from Chao mentioned above.
2) https://lore.kernel.org/all/20211210164620.11636-1-michael.roth@amd.com/T/
- KVM: selftests: Add support for test-selectable ucall implementations
series by Michael Roth
3) https://lore.kernel.org/kvm/20220104234129.dvpv3o3tihvzsqcr@amd.com/T/
- KVM: selftests: Add tests for SEV and SEV-ES guests series by Michael Roth
And few additional patches:
* https://github.com/vishals4gh/linux/commit/2cb215cb6b4dff7fdf70349816517962…
- Confidential platforms along with the confidentiality aware software stack
support a notion of private/shared accesses from the confidential VMs.
Generally, a bit in the GPA conveys the shared/private-ness of the access.
SEV/SEV-ES implementation doesn't expose the encryption bit information
via fault address to KVM and so this hack is still needed to signal
private/shared access ranges to the kvm.
* https://github.com/vishals4gh/linux/commit/81a7d24231f6b8fb4174bbf97ed73368…
Github link for the patches posted as part of this series:
https://github.com/vishals4gh/linux/commits/sev_upm_selftests_rfc_v1
sev_priv_memfd_test.c file adds a suite of selftests to access private memory
from the SEV/SEV-ES guests via private/shared accesses and checking if the
contents can be leaked to/accessed by vmm via shared memory view.
To allow SEV/SEV-ES VMs to toggle the encryption bit during memory conversion,
support is added for mapping guest pagetables to guest va ranges and passing
the mapping information to guests via shared pages.
Vishal Annapurve (3):
selftests: kvm: x86_64: Add support for pagetable tracking
selftests: kvm: sev: Handle hypercall exit
selftests: kvm: sev: Port UPM selftests onto SEV/SEV-ES VMs
tools/testing/selftests/kvm/.gitignore | 1 +
tools/testing/selftests/kvm/Makefile | 1 +
.../selftests/kvm/include/kvm_util_base.h | 98 ++
tools/testing/selftests/kvm/lib/kvm_util.c | 81 +-
.../selftests/kvm/lib/kvm_util_internal.h | 9 +
.../selftests/kvm/lib/x86_64/processor.c | 36 +
.../selftests/kvm/lib/x86_64/sev_exitlib.c | 39 +-
.../kvm/x86_64/sev_priv_memfd_test.c | 1511 +++++++++++++++++
8 files changed, 1770 insertions(+), 6 deletions(-)
create mode 100644 tools/testing/selftests/kvm/x86_64/sev_priv_memfd_test.c
--
2.36.1.124.g0e6072fb45-goog
Hello,
The series adds support for the renameat2 system call RENAME_EXCHANGE flag
(which allows to atomically replace two paths) to the vfat filesystem code.
There are many use cases for this, but we are particularly interested in
making possible for vfat filesystems to be part of OSTree [0] deployments.
Currently OSTree relies on symbolic links to make the deployment updates
an atomic transactional operation. But RENAME_EXCHANGE could be used [1]
to achieve a similar level of robustness when using a vfat filesystem.
Patch #1 is just a preparatory patch to introduce the RENAME_EXCHANGE
support, patch #2 moves some code blocks in vfat_rename() to a set of
helper functions, that can be reused by tvfat_rename_exchange() that's
added by patch #3 and finally patch #4 adds some kselftests to test it.
This is a v6 that addresses issues pointed out in v5:
https://lkml.org/lkml/2022/6/9/361
[0]: https://github.com/ostreedev/ostree
[1]: https://github.com/ostreedev/ostree/issues/1649
Changes in v6:
- Simplify logic to determine if nlink have to modified (OGAWA Hirofumi).
Changes in v5:
- Only update nlink for different parent dirs and file types (OGAWA Hirofumi).
Changes in v4:
- Add new patch from OGAWA Hirofumi to use the helpers in vfat_rename().
- Rebase the patch on top of OGAWA Hirofumi proposed changes.
- Drop iversion increment for old and new file inodes (OGAWA Hirofumi).
- Add Muhammad Usama Anjum Acked-by tag.
Changes in v3:
- Add a .gitignore for the rename_exchange binary (Muhammad Usama Anjum).
- Include $(KHDR_INCLUDES) instead of hardcoding a relative path in Makefile
(Muhammad Usama Anjum).
Changes in v2:
- Only update the new_dir inode version and timestamps if != old_dir
(Alex Larsson).
- Add some helper functions to avoid duplicating code (OGAWA Hirofumi).
- Use braces for multi-lines blocks even if are one statement (OGAWA Hirofumi).
- Mention in commit message that the operation is as transactional as possible
but within the vfat limitations of not having a journal (Colin Walters).
- Call sync to flush the page cache before checking the file contents
(Alex Larsson).
- Drop RFC prefix since the patches already got some review.
Javier Martinez Canillas (3):
fat: add a vfat_rename2() and make existing .rename callback a helper
fat: add renameat2 RENAME_EXCHANGE flag support
selftests/filesystems: add a vfat RENAME_EXCHANGE test
OGAWA Hirofumi (1):
fat: factor out reusable code in vfat_rename() as helper functions
MAINTAINERS | 1 +
fs/fat/namei_vfat.c | 231 +++++++++++++++---
tools/testing/selftests/Makefile | 1 +
.../selftests/filesystems/fat/.gitignore | 2 +
.../selftests/filesystems/fat/Makefile | 7 +
.../testing/selftests/filesystems/fat/config | 2 +
.../filesystems/fat/rename_exchange.c | 37 +++
.../filesystems/fat/run_fat_tests.sh | 82 +++++++
8 files changed, 324 insertions(+), 39 deletions(-)
create mode 100644 tools/testing/selftests/filesystems/fat/.gitignore
create mode 100644 tools/testing/selftests/filesystems/fat/Makefile
create mode 100644 tools/testing/selftests/filesystems/fat/config
create mode 100644 tools/testing/selftests/filesystems/fat/rename_exchange.c
create mode 100755 tools/testing/selftests/filesystems/fat/run_fat_tests.sh
--
2.36.1
One of the desirable features in security is the ability to restrict import
of data to a given system based on data authenticity. If data import can be
restricted, it would be possible to enforce a system-wide policy based on
the signing keys the system owner trusts.
This feature is widely used in the kernel. For example, if the restriction
is enabled, kernel modules can be plugged in only if they are signed with a
key whose public part is in the primary or secondary keyring.
For eBPF, it can be useful as well. For example, it might be useful to
authenticate data an eBPF program makes security decisions on.
After a discussion in the eBPF mailing list, it was decided that the stated
goal should be accomplished by introducing a new helper:
bpf_verify_signature(). Its job is simply to call the signature verification
function corresponding to the passed signature type, with the keyring selected
through the passed keyring identifier.
Since verify_pkcs7_signature() is doing crypto operations, it must be
called by a sleepable program. This restricts the set of functions that can
call the associated helper (for example, lsm.s/bpf is suitable,
fexit/array_map_update_elem is not).
The added test checks the ability of an eBPF program to verify module-style
appended signatures, as produced by the kernel tool sign-file, currently
used to sign kernel modules.
The patch set is organized as follows.
Patch 1 introduces the new helper. Patch 2 adds the test for the new
helper.
Changelog
v1:
- Don't define new map flag but introduce simple wrapper of
verify_pkcs7_signature() (suggested by Alexei and KP)
v2:
- Rename bpf_verify_pkcs7_signature() to a more generic
bpf_verify_signature() and pass the signature type (suggested by KP)
- Move the helper and prototype declaration under #ifdef so that user
space can probe for support for the helper (suggested by Daniel)
- Describe better the keyring types (suggested by Daniel)
- Include linux/bpf.h instead of vmlinux.h to avoid implicit or
redeclaration
- Make the test selfcontained (suggested by Alexei)
Roberto Sassu (2):
bpf: Add bpf_verify_signature() helper
selftests/bpf: Add test for bpf_verify_signature() helper
include/uapi/linux/bpf.h | 17 ++
kernel/bpf/bpf_lsm.c | 46 ++++
tools/include/uapi/linux/bpf.h | 17 ++
tools/testing/selftests/bpf/Makefile | 11 +-
tools/testing/selftests/bpf/config | 1 +
.../selftests/bpf/prog_tests/verify_sig.c | 200 ++++++++++++++++++
.../selftests/bpf/progs/test_verify_sig.c | 160 ++++++++++++++
.../testing/selftests/bpf/verify_sig_setup.sh | 100 +++++++++
8 files changed, 549 insertions(+), 3 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_sig.c
create mode 100644 tools/testing/selftests/bpf/progs/test_verify_sig.c
create mode 100755 tools/testing/selftests/bpf/verify_sig_setup.sh
--
2.25.1
One of the desirable features in security is the ability to restrict import
of data to a given system based on data authenticity. If data import can be
restricted, it would be possible to enforce a system-wide policy based on
the signing keys the system owner trusts.
This feature is widely used in the kernel. For example, if the restriction
is enabled, kernel modules can be plugged in only if they are signed with a
key whose public part is in the primary or secondary keyring.
For eBPF, it can be useful as well. For example, it might be useful to
authenticate data an eBPF program makes security decisions on.
After a discussion in the eBPF mailing list, it was decided that the stated
goal should be accomplished by introducing a new helper:
bpf_verify_pkcs7_signature(). It is simply a wrapper of
verify_pkcs7_signature(), and does the signature verification with a key in
the selected keyring (primary, secondary or platform).
Since verify_pkcs7_signature() is doing crypto operations, it must be
called by a sleepable program. This restricts the set of functions that can
call the associated helper (for example, lsm.s/bpf is suitable,
fexit/array_map_update_elem is not).
The added test check the ability of an eBPF program to verify module-style
appended signatures, as produced by the kernel tool sign-file, currently
used to sign kernel modules.
The patch set is organized as follows.
Patch 1 introduces the new helper. Patch 2 adds two new options to
test_progs (the eBPF selftest binary), to specify the path of sign-file and
the file containing the kernel private key and certificate. Finally,
patch 3 adds the test for the new helper.
Roberto Sassu (3):
bpf: Add bpf_verify_pkcs7_signature() helper
selftests/bpf: Add test_progs opts for sign-file and kernel priv key +
cert
selftests/bpf: Add test for bpf_verify_pkcs7_signature() helper
include/uapi/linux/bpf.h | 8 +
kernel/bpf/bpf_lsm.c | 32 ++++
tools/include/uapi/linux/bpf.h | 8 +
tools/testing/selftests/bpf/config | 2 +
.../bpf/prog_tests/verify_pkcs7_sig.c | 149 ++++++++++++++++++
.../bpf/progs/test_verify_pkcs7_sig.c | 127 +++++++++++++++
tools/testing/selftests/bpf/test_progs.c | 12 ++
tools/testing/selftests/bpf/test_progs.h | 3 +
8 files changed, 341 insertions(+)
create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
--
2.25.1
As the number of test cases and length of execution grows it's
useful to select only a subset of tests. In TLS for instance we
have a matrix of variants for different crypto protocols and
during development mostly care about testing a handful.
This is quicker and makes reading output easier.
This patch adds argument parsing to kselftest_harness.
It supports a couple of ways to filter things, I could not come
up with one way which will cover all cases.
The first and simplest switch is -r which takes the name of
a test to run (can be specified multiple times).
Then there is a handful of group filtering options. f/v/t for
filtering by fixture/variant/test. They have both positive
(match -> run) and negative versions (match -> skip).
If user specifies any positive option we assume the default
is not to run the tests. If only negative options are set
we assume the tests are supposed to be run by default.
Usage: ./tools/testing/selftests/net/tls [-h|-l] [-t|-T|-v|-V|-f|-F|-r name]
-h print help
-l list all tests
-t name include test
-T name exclude test
-v name include variant
-V name exclude variant
-f name include fixture
-F name exclude fixture
-r name run specified test
Test filter options can be specified multiple times. The filtering stops
at the first match. For example to include all tests from variant 'bla'
but not test 'foo' specify '-T foo -v bla'.
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
---
CC: keescook(a)chromium.org
CC: luto(a)amacapital.net
CC: wad(a)chromium.org
CC: shuah(a)kernel.org
CC: linux-kselftest(a)vger.kernel.org
---
tools/testing/selftests/kselftest_harness.h | 146 +++++++++++++++++++-
1 file changed, 142 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/kselftest_harness.h b/tools/testing/selftests/kselftest_harness.h
index 25f4d54067c0..bcbad9fa0039 100644
--- a/tools/testing/selftests/kselftest_harness.h
+++ b/tools/testing/selftests/kselftest_harness.h
@@ -54,6 +54,7 @@
#define _GNU_SOURCE
#endif
#include <asm/types.h>
+#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
@@ -985,6 +986,132 @@ void __wait_for_test(struct __test_metadata *t)
}
}
+static int test_harness_argv_check(int argc, char **argv)
+{
+ const char *opts = "FfVvtTr";
+ unsigned int i;
+
+ for (i = 0; i < argc; i++) {
+ if (!strcmp(argv[i], "-l")) {
+ struct __fixture_variant_metadata *v;
+ struct __fixture_metadata *f;
+ struct __test_metadata *t;
+
+ for (f = __fixture_list; f; f = f->next) {
+ v = f->variant;
+ t = f->tests;
+
+ if (f == __fixture_list)
+ fprintf(stderr, "%-20s %-25s %s\n",
+ "# FIXTURE", "VARIANT", "TEST");
+ else
+ fprintf(stderr, "--------------------------------------------------------------------------------\n");
+
+ do {
+ fprintf(stderr, "%-20s %-25s %s\n",
+ t == f->tests ? f->name : "",
+ v ? v->name : "",
+ t ? t->name : "");
+
+ v = v ? v->next : NULL;
+ t = t ? t->next : NULL;
+ } while (v || t);
+ }
+ return 1;
+ }
+ if (!strcmp(argv[i], "-h")) {
+help_and_fail:
+ argv--;
+ fprintf(stderr,
+ "Usage: %s [-h|-l] [-t|-T|-v|-V|-f|-F|-r name]\n"
+ "\t-h print help\n"
+ "\t-l list all tests\n"
+ "\n"
+ "\t-t name include test\n"
+ "\t-T name exclude test\n"
+ "\t-v name include variant\n"
+ "\t-V name exclude variant\n"
+ "\t-f name include fixture\n"
+ "\t-F name exclude fixture\n"
+ "\t-r name run specified test\n"
+ "\n"
+ "Test filter options can be specified "
+ "multiple times. The filtering stops\n"
+ "at the first match. For example to "
+ "include all tests from variant 'bla'\n"
+ "but not test 'foo' specify '-T foo -v bla'.\n"
+ "", argv[0]);
+ return -1;
+ }
+ }
+
+ if (argc % 2) {
+ ksft_print_msg("FATAL: Odd number of arguments\n");
+ goto help_and_fail;
+ }
+
+ for (i = 0; i < argc; i += 2) {
+ if (strnlen(argv[i], 3) != 2 || argv[i][0] != '-') {
+ ksft_print_msg("FATAL: invalid option '%s'\n", argv[i]);
+ goto help_and_fail;
+ }
+
+ if (!strchr(opts, argv[i][1])) {
+ ksft_print_msg("FATAL: unknown option '%s'\n", argv[i]);
+ goto help_and_fail;
+ }
+ }
+
+ return 1;
+}
+
+static bool test_enabled(int argc, char **argv,
+ struct __fixture_metadata *f,
+ struct __fixture_variant_metadata *v,
+ struct __test_metadata *t)
+{
+ unsigned int flen, vlen, tlen = 0;
+ bool has_positive = false;
+ unsigned int i;
+
+ for (i = 0; i < argc; i += 2) {
+ has_positive |= islower(argv[i][1]);
+
+ switch (tolower(argv[i][1])) {
+ case 't':
+ if (!strcmp(t->name, argv[i + 1]))
+ return islower(argv[i][1]);
+ break;
+ case 'f':
+ if (!strcmp(f->name, argv[i + 1]))
+ return islower(argv[i][1]);
+ break;
+ case 'v':
+ if (!strcmp(v->name, argv[i + 1]))
+ return islower(argv[i][1]);
+ break;
+ case 'r':
+ if (!tlen) {
+ flen = strlen(f->name);
+ vlen = strlen(v->name);
+ tlen = strlen(t->name);
+ }
+ if (strlen(argv[i + 1]) == flen + 1 + vlen + !!vlen + tlen &&
+ !strncmp(f->name, &argv[i + 1][0], flen) &&
+ !strncmp(v->name, &argv[i + 1][flen + 1], vlen) &&
+ !strncmp(t->name, &argv[i + 1][flen + 1 + vlen + !!vlen], tlen))
+ return true;
+ break;
+ }
+ }
+
+ /*
+ * If there are no positive tests then we assume user just wants
+ * exclusions and everything else is a pass.
+ */
+ return !has_positive;
+}
+
void __run_test(struct __fixture_metadata *f,
struct __fixture_variant_metadata *variant,
struct __test_metadata *t)
@@ -1032,8 +1159,7 @@ void __run_test(struct __fixture_metadata *f,
f->name, variant->name[0] ? "." : "", variant->name, t->name);
}
-static int test_harness_run(int __attribute__((unused)) argc,
- char __attribute__((unused)) **argv)
+static int test_harness_run(int argc, char **argv)
{
struct __fixture_variant_metadata no_variant = { .name = "", };
struct __fixture_variant_metadata *v;
@@ -1045,11 +1171,21 @@ static int test_harness_run(int __attribute__((unused)) argc,
unsigned int count = 0;
unsigned int pass_count = 0;
+ argc--; argv++; /* Skip the name of the binary */
+ ret = test_harness_argv_check(argc, argv);
+ if (ret < 0)
+ return KSFT_FAIL;
+
for (f = __fixture_list; f; f = f->next) {
for (v = f->variant ?: &no_variant; v; v = v->next) {
- case_count++;
+ unsigned int old_tests = test_count;
+
for (t = f->tests; t; t = t->next)
- test_count++;
+ if (test_enabled(argc, argv, f, v, t))
+ test_count++;
+
+ if (old_tests != test_count)
+ case_count++;
}
}
@@ -1063,6 +1199,8 @@ static int test_harness_run(int __attribute__((unused)) argc,
for (f = __fixture_list; f; f = f->next) {
for (v = f->variant ?: &no_variant; v; v = v->next) {
for (t = f->tests; t; t = t->next) {
+ if (!test_enabled(argc, argv, f, v, t))
+ continue;
count++;
t->results = results;
__run_test(f, v, t);
--
2.36.1
TEST_GEN_FILES contains files that are generated during compilation and are
required to be included together with the test binaries, e.g. when
performing:
make -C tools/testing/selftests install INSTALL_PATH=/some/other/path [*]
Add test_encl.elf to TEST_GEN_FILES because otherwise the installed test
binary will fail to run.
[*] https://docs.kernel.org/dev-tools/kselftest.html
Cc: stable(a)vger.kernel.org
Fixes: 2adcba79e69d ("selftests/x86: Add a selftest for SGX")
Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org>
---
v2:
Use TEST_GEN_FILES in the "all" target, instead of duplicating the path for
test_encl.elf.
---
tools/testing/selftests/sgx/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile
index 75af864e07b6..7f60811b5b20 100644
--- a/tools/testing/selftests/sgx/Makefile
+++ b/tools/testing/selftests/sgx/Makefile
@@ -17,9 +17,10 @@ ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \
-fno-stack-protector -mrdrnd $(INCLUDES)
TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx
+TEST_GEN_FILES := $(OUTPUT)/test_encl.elf
ifeq ($(CAN_BUILD_X86_64), 1)
-all: $(TEST_CUSTOM_PROGS) $(OUTPUT)/test_encl.elf
+all: $(TEST_CUSTOM_PROGS) $(TEST_GEN_FILES)
endif
$(OUTPUT)/test_sgx: $(OUTPUT)/main.o \
--
2.36.1
With the bpf_map security hook, an eBPF program is able to restrict access
to a map. For example, it might allow only read accesses and deny write
accesses.
Unfortunately, permissions are not accurately specified by libbpf and
bpftool. As a consequence, even if they are requested to perform a
read-like operation, such as a map lookup, that operation fails even if the
caller has the right to do so.
Even worse, the iteration over existing maps stops as soon as a
write-protected one is encountered. Maps after the write-protected one are
not accessible, even if the user has the right to perform operations on
them.
At low level, the problem is that open_flags and file_flags, respectively
in the bpf_map_get_fd_by_id() and bpf_obj_get(), are set to zero. The
kernel interprets this as a request to obtain a file descriptor with full
permissions.
For some operations, like show or dump, a read file descriptor is enough.
Those operations could be still performed even in a write-protected map.
Also for searching a map by name, which requires getting the map info, a
read file descriptor is enough. If an operation requires more permissions,
they could still be requested later, after the search.
First, solve both problems by extending libbpf with two new functions,
bpf_map_get_fd_by_id_flags() and bpf_obj_get_flags(), which unlike their
counterparts bpf_map_get_fd_by_id() and bpf_obj_get(), have the additional
parameter flags to specify the needed permissions for an operation.
Then, propagate the flags in bpftool from the functions implementing the
subcommands down to the functions calling bpf_map_get_fd_by_id() and
bpf_obj_get(), and replace the latter functions with their new variant.
Initially, set the flags to zero, so that the current behavior does not
change.
The only exception is for map search by name, where a read-only permission
is requested, regardless of the operation, to get the map info. In this
case, request a new file descriptor if a write-like operation needs to be
performed after the search.
Finally, identify other read-like operations in bpftool and for those
replace the zero value for flags with BPF_F_RDONLY.
The patch set is organized as follows.
Patches 1-2 introduce the two new variants of bpf_map_get_fd_by_id() and
bpf_obj_get() in libbpf, named respectively bpf_map_get_fd_by_id_flags()
and bpf_obj_get_flags().
Patches 3-7 propagate the flags in bpftool from the functions implementing
the subcommands to the two new libbpf functions, and always set flags to
BPF_F_RDONLY for the map search operation.
Patch 8 adjusts permissions depending on the map operation performed.
Patch 9 ensures that read-only accesses to a write-protected map succeed
and write accesses still fail. Also ensure that map search is always
successful even if there are write-protected maps.
Changelog
v1:
- Define per-operation permissions rather than retrying access with
read-only permission (suggested by Daniel)
https://lore.kernel.org/bpf/20220530084514.10170-1-roberto.sassu@huawei.com/
Roberto Sassu (9):
libbpf: Introduce bpf_map_get_fd_by_id_flags()
libbpf: Introduce bpf_obj_get_flags()
bpftool: Add flags parameter to open_obj_pinned_any() and
open_obj_pinned()
bpftool: Add flags parameter to *_parse_fd() functions
bpftool: Add flags parameter to map_parse_fds()
bpftool: Add flags parameter to map_parse_fd_and_info()
bpftool: Add flags parameter in struct_ops functions
bpftool: Adjust map permissions
selftests/bpf: Add map access tests
tools/bpf/bpftool/btf.c | 11 +-
tools/bpf/bpftool/cgroup.c | 4 +-
tools/bpf/bpftool/common.c | 52 ++--
tools/bpf/bpftool/iter.c | 2 +-
tools/bpf/bpftool/link.c | 9 +-
tools/bpf/bpftool/main.h | 17 +-
tools/bpf/bpftool/map.c | 24 +-
tools/bpf/bpftool/map_perf_ring.c | 3 +-
tools/bpf/bpftool/net.c | 2 +-
tools/bpf/bpftool/prog.c | 12 +-
tools/bpf/bpftool/struct_ops.c | 39 ++-
tools/lib/bpf/bpf.c | 16 +-
tools/lib/bpf/bpf.h | 2 +
tools/lib/bpf/libbpf.map | 2 +
.../bpf/prog_tests/test_map_check_access.c | 264 ++++++++++++++++++
.../selftests/bpf/progs/map_check_access.c | 65 +++++
16 files changed, 452 insertions(+), 72 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/test_map_check_access.c
create mode 100644 tools/testing/selftests/bpf/progs/map_check_access.c
--
2.25.1
Hello,
The series adds support for the renameat2 system call RENAME_EXCHANGE flag
(which allows to atomically replace two paths) to the vfat filesystem code.
There are many use cases for this, but we are particularly interested in
making possible for vfat filesystems to be part of OSTree [0] deployments.
Currently OSTree relies on symbolic links to make the deployment updates
an atomic transactional operation. But RENAME_EXCHANGE could be used [1]
to achieve a similar level of robustness when using a vfat filesystem.
Patch #1 is just a preparatory patch to introduce the RENAME_EXCHANGE
support, patch #2 moves some code blocks in vfat_rename() to a set of
helper functions, that can be reused by tvfat_rename_exchange() that's
added by patch #3 and finally patch #4 adds some kselftests to test it.
This is a v5 that addresses issues pointed out in v4:
https://lore.kernel.org/lkml/18d9e587-b4f7-6ee7-185a-af0e667e0ec5@redhat.co…
[0]: https://github.com/ostreedev/ostree
[1]: https://github.com/ostreedev/ostree/issues/1649
Changes in v5:
- Only update nlink for different parent dirs and file types (OGAWA Hirofumi).
Changes in v4:
- Add new patch from OGAWA Hirofumi to use the helpers in vfat_rename().
- Rebase the patch on top of OGAWA Hirofumi proposed changes.
- Drop iversion increment for old and new file inodes (OGAWA Hirofumi).
- Add Muhammad Usama Anjum Acked-by tag.
Changes in v3:
- Add a .gitignore for the rename_exchange binary (Muhammad Usama Anjum).
- Include $(KHDR_INCLUDES) instead of hardcoding a relative path in Makefile
(Muhammad Usama Anjum).
Changes in v2:
- Only update the new_dir inode version and timestamps if != old_dir
(Alex Larsson).
- Add some helper functions to avoid duplicating code (OGAWA Hirofumi).
- Use braces for multi-lines blocks even if are one statement (OGAWA Hirofumi).
- Mention in commit message that the operation is as transactional as possible
but within the vfat limitations of not having a journal (Colin Walters).
- Call sync to flush the page cache before checking the file contents
(Alex Larsson).
- Drop RFC prefix since the patches already got some review.
Javier Martinez Canillas (3):
fat: add a vfat_rename2() and make existing .rename callback a helper
fat: add renameat2 RENAME_EXCHANGE flag support
selftests/filesystems: add a vfat RENAME_EXCHANGE test
OGAWA Hirofumi (1):
fat: factor out reusable code in vfat_rename() as helper functions
MAINTAINERS | 1 +
fs/fat/namei_vfat.c | 232 +++++++++++++++---
tools/testing/selftests/Makefile | 1 +
.../selftests/filesystems/fat/.gitignore | 2 +
.../selftests/filesystems/fat/Makefile | 7 +
.../testing/selftests/filesystems/fat/config | 2 +
.../filesystems/fat/rename_exchange.c | 37 +++
.../filesystems/fat/run_fat_tests.sh | 82 +++++++
8 files changed, 325 insertions(+), 39 deletions(-)
create mode 100644 tools/testing/selftests/filesystems/fat/.gitignore
create mode 100644 tools/testing/selftests/filesystems/fat/Makefile
create mode 100644 tools/testing/selftests/filesystems/fat/config
create mode 100644 tools/testing/selftests/filesystems/fat/rename_exchange.c
create mode 100755 tools/testing/selftests/filesystems/fat/run_fat_tests.sh
--
2.36.1
Hello,
The series adds support for the renameat2 system call RENAME_EXCHANGE flag
(which allows to atomically replace two paths) to the vfat filesystem code.
There are many use cases for this, but we are particularly interested in
making possible for vfat filesystems to be part of OSTree [0] deployments.
Currently OSTree relies on symbolic links to make the deployment updates
an atomic transactional operation. But RENAME_EXCHANGE could be used [1]
to achieve a similar level of robustness when using a vfat filesystem.
Patch #1 is just a preparatory patch to introduce the RENAME_EXCHANGE
support, patch #2 moves some code blocks in vfat_rename() to a set of
helper functions, that can be reused by tvfat_rename_exchange() that's
added by patch #3 and finally patch #4 adds some kselftests to test it.
This is a v4 that addresses issues pointed out in the third version posted:
https://www.spinics.net/lists/kernel/msg4373694.html
[0]: https://github.com/ostreedev/ostree
[1]: https://github.com/ostreedev/ostree/issues/1649
Changes in v4:
- Add new patch from OGAWA Hirofumi to use the helpers in vfat_rename().
- Rebase the patch on top of OGAWA Hirofumi proposed changes.
- Drop iversion increment for old and new file inodes (OGAWA Hirofumi).
- Add Muhammad Usama Anjum Acked-by tag.
Changes in v3:
- Add a .gitignore for the rename_exchange binary (Muhammad Usama Anjum).
- Include $(KHDR_INCLUDES) instead of hardcoding a relative path in Makefile
(Muhammad Usama Anjum).
Changes in v2:
- Only update the new_dir inode version and timestamps if != old_dir
(Alex Larsson).
- Add some helper functions to avoid duplicating code (OGAWA Hirofumi).
- Use braces for multi-lines blocks even if are one statement (OGAWA Hirofumi).
- Mention in commit message that the operation is as transactional as possible
but within the vfat limitations of not having a journal (Colin Walters).
- Call sync to flush the page cache before checking the file contents
(Alex Larsson).
- Drop RFC prefix since the patches already got some review.
Javier Martinez Canillas (3):
fat: add a vfat_rename2() and make existing .rename callback a helper
fat: add renameat2 RENAME_EXCHANGE flag support
selftests/filesystems: add a vfat RENAME_EXCHANGE test
OGAWA Hirofumi (1):
fat: factor out reusable code in vfat_rename() as helper functions
MAINTAINERS | 1 +
fs/fat/namei_vfat.c | 222 +++++++++++++++---
tools/testing/selftests/Makefile | 1 +
.../selftests/filesystems/fat/.gitignore | 2 +
.../selftests/filesystems/fat/Makefile | 7 +
.../testing/selftests/filesystems/fat/config | 2 +
.../filesystems/fat/rename_exchange.c | 37 +++
.../filesystems/fat/run_fat_tests.sh | 82 +++++++
8 files changed, 315 insertions(+), 39 deletions(-)
create mode 100644 tools/testing/selftests/filesystems/fat/.gitignore
create mode 100644 tools/testing/selftests/filesystems/fat/Makefile
create mode 100644 tools/testing/selftests/filesystems/fat/config
create mode 100644 tools/testing/selftests/filesystems/fat/rename_exchange.c
create mode 100755 tools/testing/selftests/filesystems/fat/run_fat_tests.sh
--
2.36.1
Dzień dobry,
chciałbym poinformować Państwa o możliwości pozyskania nowych zleceń ze strony www.
Widzimy zainteresowanie potencjalnych Klientów Państwa firmą, dlatego chętnie pomożemy Państwu dotrzeć z ofertą do większego grona odbiorców poprzez efektywne metody pozycjonowania strony w Google.
Czy mógłbym liczyć na kontakt zwrotny?
Pozdrawiam serdecznie,
Wiktor Nurek